UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/825,326
FILING DATE: 04/03/2001
FIRST NAMED INVENTOR: Dalia Shohat
ATTORNEY DOCKET NO.: 785-OI0280-US(PAR)
CONFIRMATION NO.: 1778

2512
7590
03/28/2005

PERMAN & GREEN
425 POST ROAD
FAIRFIELD, CT 06824

EXAMINER: ABRISHAMKAR, KAVEH
ART UNIT: 2131
PAPER NUMBER:

DATE MAILED: 03/28/2005


Please find below and/or attached an Office communication concerning this application or proceeding. 


PTO-90C (Rev. 10/03) 


Office Action Summary

Application No.: 09/825,326
Applicant(s): SHOHAT, DALIA
Examiner: Kaveh Abrishamkar
Art Unit: 2131



- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 


Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 01 December 2004.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-10 is/are pending in the application.
4a) Of the above claim(s) ____ is/are withdrawn from consideration.
5) [ ] Claim(s) ____ is/are allowed.
6) [X] Claim(s) 1-10 is/are rejected.
7) [ ] Claim(s) ____ is/are objected to.
8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

1. This action is in response to the communication received on December 1, 2004.
Claims 1-10 were originally received for consideration. No claims were cancelled or
added. Claims 1-10 are currently being considered.

Response to Arguments 

2. Applicant's arguments, filed on December 1, 2004, have been fully considered
but they are not persuasive because of the following reasons:

Regarding claim 1, the applicant argues that the CPA, Deinhart et al. (U.S.
Patent No. 5,911,143), does not teach "automated creation of roles." This argument
is not found persuasive. The CPA teaches combining a job position with at least
one role type, and states "this allows automated derivation of role instances with no
administrative activity" (column 4 lines 46-54). Therefore, the Examiner respectfully
asserts that the CPA does teach the "automated creation of roles." Furthermore, the
applicant argues that the CPA does not teach "mined security data is grouped into
roles." This argument is not found persuasive. The CPA teaches many instances of
using security data to create roles, and specifically, the CPA discloses that different
roles are associated with different capability lists, which govern what accesses, rights,
and privileges each role instance is entitled to. Furthermore, the CPA states "it is also
possible to derive capability lists from existing access control lists" (column 10 lines
25-26). Access control lists are security data, and deriving a capability list from the
security data, to create capability lists that are used to create a role, is analogous to
creating roles from mined security data. Accordingly, the rejection for the pending
claims 1-10 is respectfully maintained as given below.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-10 are rejected under 35 U.S.C. 102(b) as being anticipated by
Deinhart et al. (U.S. Patent 5,911,143).

Regarding claim 1, Deinhart discloses: 

Process for the automated creation of roles for a role-based access control
system of an enterprise, whereas the system organizes and manages the access of 
users to sensitive information in an inter- and/or intranet, by means of at least one 
database comprising at least the relevant, existing security data about users and their 
access to sensitive information, the data base being connected to a computer, the 
process comprises the following steps: 

a) loading the security data from the database into the computer (Figure 3A, column 4
line 37 - column 5 line 11, column 7 lines 16-30, column 8 lines 52-65, column 10
lines 1-26)

b) mining the loaded data to find similarities that will allow the creation of organizational
roles and/or functional roles (Figure 3A, column 4 line 37 - column 5 line 11, column 7
lines 16-30, column 8 lines 52-65, column 10 lines 1-26) and

c) creation of at least one role based on the outcome of step b (Figure 3A, column 4 line
37 - column 5 line 11, column 7 lines 16-30, column 8 lines 52-65, column 10 lines
1-26).


Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses: 

Process according to claim 1, whereas the computer is connected to the inter-
and/or intranet and automatically assigns the created role(s) according to step c to the 
users in the inter- and/or intranet (column 4 line 37 - column 5 line 11). 


Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the database is stored on a hard disk
(column 3 lines 19-33).

Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the database is stored on the RAM of a
computer (column 3 lines 19-33).

Claim 5 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the mining of the loaded security data
comprises clustering the loaded data to find suitable semantics for role description
and/or statistics for values of all role attributes (Figure 3A, column 4 line 37 - column 5
line 11, column 7 lines 16-30, column 8 lines 52-65, column 10 lines 1-26).

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the mining of the loaded security data
comprises association methods to find similarities in the loaded security data and
preferably group as much as possible of the security data into as little as possible roles
(Figure 3A, column 4 line 37 - column 5 line 11, column 7 lines 16-30, column 8 lines
52-65, column 10 lines 1-26).

Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the resulting roles are automatically
checked and approved by the computer before they are assigned to the users (Figure
3A, column 4 line 37 - column 5 line 11, column 7 lines 16-30, column 8 lines 52-65,
column 10 lines 1-26).

Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the relevant data is at least access
control data, organizational data and/or functional data of the enterprise (Figure 3A,
column 4 line 37 - column 5 line 11, column 7 lines 16-30, column 8 lines 52-65,
column 10 lines 1-26).

Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, that in a first step the data is explored by the
computer (Figure 3A, column 4 line 37 - column 5 line 11, column 7 lines 16-30,
column 8 lines 52-65, column 10 lines 1-26).

Claim 10 is rejected as applied above in rejecting claim 1. Furthermore, Deinhart
discloses:

Process according to claim 1, whereas the created roles are automatically stored
in the database (Figure 3A, column 4 line 37 - column 5 line 11, column 7 lines 16-30,
column 8 lines 52-65, column 10 lines 1-26).

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 